8 Replies Latest reply on Oct 28, 2010 8:17 AM by ziliop

    Adding roles to user on the fly

    osganian

      I have JBoss 4.0.3.

      I have a logged in user and I wish to add roles to them on the fly (say the user registers for additional services). I'm using the DatabaseServerLoginModule and I update my corresponding UserRoles table to add in the new roles but I don't want to have my user logout and then back in again for those roles to be refreshed. Does anybody know how I can get the JBossSecurityMgrRealm (which looks like he's the guy that authenticates the user and handles the isUserInRole method for an HttpServletRequest object) to refresh the user's roles?

      Thanks for any help,
      Mike

        • 1. Re: Adding roles to user on the fly
          starksm64
          • 2. Re: Adding roles to user on the fly
            kuzmiigo

            Hello!

            I understand that disabling or flushing the cache doesn't help. It helps when the user logs in again, but doesn't help to update the "Roles" group of the Subject on the fly (while the user is still logged in).

            Nevertheless, is it possible to update user roles without the need for the user to log out?

            Best regards,

            Igor

            • 3. Re: Adding roles to user on the fly
              starksm64

              That is not correct. If you flush the cache the existing authentication is revalidated which means reloading the Subject and its roles.

              • 4. Re: Adding roles to user on the fly
                kuzmiigo

                Thank you for your reply.

                Unfortunately, I cannot get it to work. I have the cache disabled, I flush the cache, but the roles still remain the same. From the log I see that the LoginModules (I use a custom LoginModule to populate the roles group) are not called.

                Igor

                • 5. Re: Adding roles to user on the fly
                  kuzmiigo

                  Some additional information.

                  jboss-web.xml:

                  <jboss-web>
                    <security-domain>java:/jaas/testdomain</security-domain>
                  </jboss-web>

                  From login-config.xml:

                  <application-policy name="testdomain">
                    <authentication>
                      <login-module code="com.test.security.SpecialLoginModule1" flag="required">
                        <module-option name="password-stacking">useFirstPass</module-option>
                        <module-option name="dsJndiName">java:/DefaultDS</module-option>
                      </login-module>
                      <login-module code="com.test.security.SpecialLoginModule2" flag="required">
                        <module-option name="password-stacking">useFirstPass</module-option>
                        <module-option name="dsJndiName">java:/DefaultDS</module-option>
                      </login-module>
                    </authentication>
                  </application-policy>



                  Flushing code:
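                  import java.security.Principal;
                  import javax.management.MBeanServer;
                  import javax.management.MBeanServerFactory;
                  import javax.management.ObjectName;
                  import org.jboss.security.SimplePrincipal;

                  // Security domain name as declared in login-config.xml
                  String domain = "testdomain";
                  Principal principal = new SimplePrincipal(user.getUsername());
                  ObjectName jaasMgr = new ObjectName("jboss.security:service=JaasSecurityManager");
                  // Arguments and JMX signature for flushAuthenticationCache(String, Principal)
                  Object[] params = { domain, principal };
                  String[] signature = { "java.lang.String", Principal.class.getName() };
                  MBeanServer server = (MBeanServer) MBeanServerFactory.findMBeanServer(null).get(0);
                  server.invoke(jaasMgr, "flushAuthenticationCache", params, signature);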


                  Credentials caching is disabled; after flushing (just in case), the Subject is not populated again (the LoginModules are not called again to populate the "Roles" group).

                  I would be grateful for your comments,

                  Igor

                  • 6. Re: Adding roles to user on the fly
                    starksm64

                    Show the trace level logging of the org.jboss.security category that demonstrates what is happening. Q4 of the following shows the key categories:
                    http://wiki.jboss.org/wiki/Wiki.jsp?page=SecurityFAQ

                    • 7. Re: Adding roles to user on the fly
                      kuzmiigo

                      Scott,

                      I sent you the security log by e-mail.

                      Thank you again,

                      Igor

                      • 8. Re: Adding roles to user on the fly
                        ziliop

                        This is an old thread, but it is the only one I found that matches my problem.

                        So, I need to add/remove roles to a subject on the fly, but I have multiple webapps in the same server. When I add a role to a subject in /contextA, I need it to be reflected in /contextB, /contextC and so on...

                        We are using JBoss 4.2.3-GA.

                        server.xml has:

                        <Valve className="org.apache.catalina.authenticator.SingleSignOn" />

                        and we have a Custom LoginModule

                        Thanks for your help.